App is damaged and can't be opened. You should move it to the Trash

Hi,

I had a user report to me that they downloaded one of my apps and when they try to run it, they got a message say the app is damaged and can’t be opened. You should move it to the Trash.

This is the first time I received a report like this.

My app is universal binary.

The user said they have a 24" Mac with Mac OS 12.2.1 with Apple M1 Chip.

So I’m not sure if its a complier issue or M1 Mac issue or both or something else.

Any ideas/fixes ?

Thanks.

Note I’m using XOJO 2021 R 3.1

Is your app signed & notarized? I usually see that dialog when there’s either no signature or the bundle was modified after it was signed.

Nope not signed or notarized. Seems to be fine on Intel Macs.

It’s not, your computer just recognizes it already.

2 Likes

What does this mean? Do they double-click it? Do they have it in the Dock and click the icon in the Dock?

Have they tried right-mouse on the app wherever they’ve put it, and then select Open?

I don’t know. I would guess they doubled clicked it. I was just told they tried to open it and got that error message.

Ok I tried my app on another Intel Mac and yep and it gets the damaged error message. So did some searching on this and came across some info saying go to Security & Privacy and set "Allow apps downloaded from " to “Anywhere”. This other Mac wasn’t set to anywhere. So I tried that and it “fixed” the problem, at least for me.

That’s not really a fix because a) in modern macOS versions the only two options are “app store” and “app store and identified developers” and b) you can’t really ask users to change a critical security setting like that. It’d be easier to convince them to right-click the app, choose open, and allow the software to run anyway. The only correct solution is to go through the notarization process.

4 Likes

There are a couple of non-notarized apps I use, from trusted sources, where I don’t mind doing the right-click “Open”. But yeah, advising your customers to override Gatekeeper shouldn’t really be a thing. :slight_smile:

Oh I get that. Usually open source indie apps. But it’s not practical for normal distribution.

1 Like

Good point. I’ll have to tell them about the right click open thing.

Execute this in terminal:

sudo xattr -cr /path/to/application.app

Just ask the user to open terminal, type in “sudo xattr -cr [space]” and drag and drop Your application on Terminal window then hit Enter followed by amin password. That’s it.

Right click and Open from contextual menu won’t work when an application “is damaged”.

I had been thinking right clicking and open might not work if the OS thinks it’s damaged.

Cool Thanks!

I do frequently update one of my tools and post it on internal server in a company. This “damaged application” thing happens from time to time, randomly, per user. I mean the same application can be downloaded from the same place by several users and just one of them gets “damaged application”. Weird, since I cannot replicate this behaviour to somehow prevent it.

1 Like

You’re right, I didn’t pay close enough attention. Damaged means a file inside the bundle has changed sometime after the signature was applied. I was talking about notarization, which will say something like “Apple has not checked this for malware.”

1 Like

This error happens with Mac App Store apps (when testing before submission), I’ve found two reasons.

  1. The receipt validation code within the application doesn’t work correctly.
  2. The receipt validation at Apple’s end doesn’t work correctly.

Last year, we experienced number for a number of months. The only solution was to stop using Apple’s guidelines for the Mac and start following the iOS guidelines. This creates a new problem as iOS receipt validation is asynchronous, so your validation flow must be altered to adopt it.

I have made the code for testing App Store receipts (via iOS guidelines) available for FREE from the following page OWStoreKitBridge - Integrating the Mac App Store with Xojo